Objective

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policies for cyber systems. The purpose of creating such policies is to enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework will be supported by a platform of tools enabling integrated cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence gathered during the operation of such systems. CyberSure will develop its cyber insurance platform at TRL-7 by building upon and integrating state-of-the-art tools, methods and techniques. These will include: (1) the state-of-the-art continuous certification infrastructure (tools) for cloud services developed by the EU project CUMULUS; (2) the risk management tool of NIS enhanced by the NESSOS risk management methodology; and (3) insurance management tools of HELLAS.

The development of the CyberSure platform will be driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure will address the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions.

Issues addressed in the project: The CyberSure project aims to develop, monitor, and manage cyber insurance policies so as to help reduce the risk that cyber systems face and, at the same time, help educate both insurance companies and system owners about the existing risks, their magnitude, and the ways they can reduce them (leading to lower insurance costs). The CyberSure goal is to offer a platform of integrated tools that solves two main problems. Firstly, how to continuously and dynamically certify that systems possess the required security properties and/or identify when they do not, similar to adding a GPS tracker to a vehicle to constantly verify that its drivers behave responsibly. Secondly, how to use the information obtained by this continuous, dynamic certification to allow both insurance companies and system owners to improve their understanding of how secure a system really is and thus be able to better calculate the risks associated with security failures.

Importance for Society: Cyber crime is a fast-growing area of crime in modern society and is progressively becoming more aggressive and confrontational. Although the contribution of cyber insurance is considered crucial to addressing cyber crime holistically, the still immature cyber insurance market faces a number of unique challenges as it develops. This low maturity of the cyber insurance market also leads to poor policy differentiation and customization. CyberSure sets out to enable cyber insurance market differentiation in the EU by providing a platform to automate, compare and customize cyber insurance contracts and by facilitating the generation and collection of actuarial data relating to them. Data collection and pooling among insurers and cyber system providers, in particular, is regarded as a prerequisite for generating the knowledge required to differentiate the cyber insurance offer for consumers. By coupling risk assessment to automated certification tools in an automated cyber insurance framework, CyberSure will facilitate the definition of policies and pricing schemes that can be verified and updated dynamically, based on the real-time data provided by the risk assessment and hybrid certification mechanisms.

Overall objectives: The overall aim of CyberSure is to develop an innovative framework supporting the creation and management of cyber insurance policies and offering a sound liability basis for establishing trust in cyber systems and services. To achieve its overall aim, CyberSure undertakes innovation and development activities driven by the following objectives:

Objective 1: To establish a process-centric framework for automating the creation and management of cyber insurance policies for cyber systems, based on integrating proven techniques for the certification, audit and risk assessment of security and privacy (S&P) for such systems.

Objective 2: To develop a TRL-7 platform supporting the creation, monitoring and adaptation of cyber insurance policies for cyber systems and the services available through them.

Objective 3: To demonstrate the use of the CyberSure framework in real-world trials in the areas of e-health and cloud services and, through them, carry out a comprehensive evaluation covering technical, business and legal aspects, and demonstrating technology readiness at TRL-7.

Objective 4: To create conditions for improving cyber insurance practice and the trustworthiness of cyber systems and commercializing the use of the CyberSure platform and framework.